Description

Cross-site scripting (XSS) vulnerability in IFrame type Remote Apps in Liferay Portal 7.4.0 through 7.4.3.30, and Liferay DXP 7.4 before update 31 allows remote attackers to inject arbitrary web script or HTML via the Remote App's IFrame URL.

Remediation

References

CVE-2023-33940

Related Vulnerabilities

WordPress Plugin Metform Elementor Contact Form Builder-Flexible and Design-Friendly Contact Form builder for WordPress Cross-Site Scripting (3.1.2)

Plone CMS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-32633)

SharePoint CVE-2020-0850 Vulnerability (CVE-2020-0850)

Claroline Other Vulnerability (CVE-2005-1374)

WordPress Plugin Easy2Map Multiple Vulnerabilities (1.2.9)

Severity

Medium

Classification

CVE-2023-33940 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities